Access "Laws of security: 10 security best practices"
This article is part of the May 2004 issue of Are you secure? Adam Putnam says, "Prove it!"
Ever notice how magazines try to pull you in by running a list on something you can't do without? ("47 ways to recharge your sex life," "59 patio redecorating tips," etc.) Well, if you're still reading, it worked. Most of these laws are the result of a collaborative effort. Tip o' the hat to Fred Avolio, Jay Heiser, Pete Lindstrom, Marcus Ranum and Joel Snyder for their input. You cannot eliminate risk. You can mitigate risk. You can insure against it. You can even ignore or accept it. But you can't eliminate it. Same goes for the components of risk: vulnerabilities, threats and impact. CEO's mantra: Make more, spend less. CEOs invest in security for two primary reasons: to comply with regulations; and to protect corporate image, brand, reputation and intellectual property. Your job is to demonstrate how spending a dime on security today saves the company a dollar tomorrow. "Good" security: No. "Good enough" security: Yes. It's often said that security is successful when nothing happens. But that doesn't mean a single breach means failure. You have to accept... Access >>>
Premium Content for Free.
Should new information security laws include auditing requirements?
by Erik Sherman
Get your security act together or Adam Putnam will do it for you. Federal information security laws and regulations could be the next thing infosec management has to worry about. Here you will learn about pending security laws requring security auditing requirements in this feature.
Exploring additional technologies to support antivirus scanning
by George A. Chidi Jr.
Security managers are looking beyond conventional AV to ensure business continuity and improve disaster recovery times.
Using email spam filtering techniques to get rid of spam
by Amber Plante
Filters stem the flow of junk email, but spam remains a big distraction. Learn how to use spam filtering techniques to get rid of spam.
- Should new information security laws include auditing requirements? by Erik Sherman
Secure data transmission with wireless access controllers
by Jon Edney
Sending data over the airwaves is risky. Wireless access controllers assure secure data transmission and reception.
Why and how the CISO job description is changing
by Gary Lynch
The Chief Information Security Officer (CISO) job description is changing. The new CISO must know how to quantify risk and how to understand business as well as computer security technologies.
- Secure data transmission with wireless access controllers by Jon Edney
Government cybersecurity: What is being done to fight cybercrime?
by Lawrence M. Walsh
Learn what can be done to fight cybercrime against privately owned networks.
Industry needs less ethical computer hacking, more risk management strategies
by Jay Heiser, Contributor
Enterprises need less ethical computer hacking and a better risk management strategy.
How to avoid Windows XP Service Pack 2 problems
by Victor R. Garza
Testing XP SP2 beta today will pay off in the long run and help admins to avoid any Windows XP Service Pack 2 problems.
Enhancing secure coding practices to secure your machine
by Pete Lindstrom, Contributor
Learn preventative measures to help improve secure coding practices and protect and secure your machine from the latest threats.
Laws of security: 10 security best practices
by Andrew Briney
Learn the laws of security and 10 security best practices.
- Government cybersecurity: What is being done to fight cybercrime? by Lawrence M. Walsh
More Premium Content Accessible For Free
As more security professionals take on greater roles in global risk management, Global 2000 companies are investing in cybersecurity measures above ...
All indications show that DDoS attacks are increasing in variety, number and size. No network system is immune and information security pros can't ...
The Fast Identity Online (FIDO) standards reached the public draft stage in February, and the first deployments of FIDO-ready technologies followed ...